Описание
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- PatchThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 7.0.0 (включая) до 7.8.24 (исключая)Версия от 7.10.00 (включая) до 7.10.11 (исключая)
Одно из
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00153
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
EPSS
Процентиль: 36%
0.00153
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79